#!/usr/bin/env bash

# Compare licenses of Go dependencies against a whitelist.

###### script header ######

lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1

# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
fi

go=$(realpath @@GO@@)
stat "${go}" >> /dev/null
golicenses=$(realpath @@GO_LICENSES@@)
stat "${golicenses}" >> /dev/null

cd "${BUILD_WORKSPACE_DIRECTORY}"

###### script body ######

not_allowed() {
  echo "license not allowed for package: ${line}"
  err=1
}

license_report() {
  PATH="$(dirname "${go}"):${PATH}" \
  GOROOT=$(${go} env GOROOT) \
  GOPATH=$(${go} env GOPATH) \
  GOCACHE=$(${go} env GOCACHE) \
    ${golicenses} report ./... | {
    while read -r line; do

      pkg=${line%%,*}
      lic=${line##*,}

      case ${lic} in
      Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;

      MPL-2.0)
        case ${pkg} in
        github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;

        github.com/letsencrypt/boulder) ;;

        github.com/hashicorp/*) ;;

        *)
          not_allowed
          ;;
        esac
        ;;

      AGPL-3.0)
        case ${pkg} in
        github.com/edgelesssys/go-tdx-qpl) ;;

        *)
          not_allowed
          ;;
        esac
        ;;

      Unknown)
        case ${pkg} in
        github.com/edgelesssys/constellation/v2/*) ;;

        *)
          not_allowed
          ;;
        esac
        ;;

      *)
        echo "unknown license: ${line}"
        err=1
        ;;
      esac

    done
    exit "${err}"
  }
}

${go} mod download

err=0

if test -v SILENT; then
  license_report 2> /dev/null
else
  license_report
fi
